Branch: refs/heads/QA_4_6 Home: https://github.com/phpmyadmin/phpmyadmin Commit: 6c95b73f9028f27ee3e9e4b56eda2d285c807b30 https://github.com/phpmyadmin/phpmyadmin/commit/6c95b73f9028f27ee3e9e4b56eda... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M libraries/core.lib.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/auth/AuthenticationHttpTest.php M test/classes/plugin/auth/AuthenticationSignonTest.php M test/libraries/core/PMA_headerLocation_test.php Log Message: ----------- Do not append session IDs to all URLs in redirect There is no need to do that as we rely on session cookies anyway. Also appending sesson ID to external URLs is not a good idea. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 64f033d3b9d3fd698927500eb5fd2db8f88b9986 https://github.com/phpmyadmin/phpmyadmin/commit/64f033d3b9d3fd698927500eb5fd... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M ChangeLog M libraries/session.inc.php Log Message: ----------- Tighthen control on PHP sessions and session cookies - use only cookies for session - use http only cookies - disable transparent session IDs Signed-off-by: Michal Čihař <michal@cihar.com> Compare: https://github.com/phpmyadmin/phpmyadmin/compare/53af6a569925...64f033d3b9d3